Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.


Password Rules

Filed under: Advice from your Uncle Jim,Fun,Geek Work,News and Current Events,Truth and Consequences — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:30 am for you boring, normal people.
The moon is Waning Gibbous

Do you know those horrible password rules about adding random characters and numbers and stuff?

IT professionals hate them, too. Honest. I can say that because I am, in fact, an IT professional and have been for just shy of thirty years. (You can read more about my qualifications to call myself an IT pro at my other website, which includes Jim Hoffman’s CNE Resume, because, yes, I’ve been doing this so long I’m certified in things that no one really uses anymore.) I remember when the standard for passwords changed, requiring normal people to do things like including special characters or numbers and a mix of upper case and lower case letters. We were told that it would make the resulting passwords exponentially harder to guess. At the time, that may have been true, though I doubt it. It turns out, those rules were written by a government bureaucrat who used an out-of-date white paper to make his recommendations. And, now, even that bureaucrat regrets making those rules that only make your password harder to remember. Also, all that advice about translating a famous quote into a password by changing out words for symbols or letters? Essentially useless. With the computing power of modern machines, the randomness of a short password really doesn’t matter at all. Length is the real key. So, having a password like “P@SSw0rd” isn’t significantly more secure than “password”, except, of course, that hackers are likely to guess the simple words first and “password” is actually one of the ten most popular passwords. So don’t use that. What’s better is to use a longer password, like an entire sentence without punctuation. And, if you have to include numbers and special characters, just tack them on at the end or beginning. In other words, something more like “MyPasswordIsVerySecure@9”, because the length of that password makes it exponentially harder to guess than “password”. Don’t believe me? Then just look at this infographic that shows how the length of your password is really the determining factor in how hard it is for hackers to crack.

How Long Would Your Password Last Against An Expert?

Of course, some systems limit the length of a password, unfortunately, but, until everyone else catches up to us, you have to work with what you’re given.
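To put numbers behind the length-versus-complexity point, here is an added illustration that is not code from the original post: it estimates the brute-force search space of the passwords named above and applies a length-first policy check. The guess rate and the tiny common-password list are constructed for the example, not measured values.

```python
import math
import string

# Constructed guess rate (guesses per second) purely for illustration; the real
# figure depends on the hash algorithm and the attacker's hardware.
GUESS_RATE = 10**11

# Constructed stand-in for a "most popular passwords" list; a real deployment
# would load a published breach list here.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "p@ssw0rd", "letmein"}


def charset_size(pw: str) -> int:
    """Size of the smallest standard alphabet containing every character in pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable symbols
    if any(c.isspace() for c in pw):
        size += 1  # a sentence-style passphrase may contain spaces
    return size


def search_space(pw: str) -> int:
    # Each extra character multiplies the space by the alphabet size,
    # which is why length dominates: the growth is exponential in length.
    return charset_size(pw) ** len(pw)


def entropy_bits(pw: str) -> float:
    return math.log2(search_space(pw))


def years_to_exhaust(pw: str, rate: int = GUESS_RATE) -> float:
    """Worst-case years to try every candidate at the given guess rate."""
    return search_space(pw) / rate / (365 * 24 * 3600)


def check_policy(pw: str, min_length: int = 16) -> tuple[bool, str]:
    """Length-first policy: long enough and not on the common list."""
    if pw.lower() in COMMON_PASSWORDS:
        return False, "appears on the common-password list"
    if len(pw) < min_length:
        return False, f"shorter than {min_length} characters"
    return True, "ok"
```

Running it on “password”, “P@SSw0rd” and “MyPasswordIsVerySecure@9” shows the 8-character symbol-laden form gaining only a few bits over plain “password”, while the 24-character sentence is over a hundred bits stronger.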
Come back next week to see what uncomfortable truths I have to share with you!

This post first appeared on Use Your Words!

Advice from your Uncle Jim:
"A critic is a man who knows the way but can't drive the car."
   --Kenneth Tynan
